Attackers are using legitimate corporate contact forms to deliver phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware.
IcedID is a banking Trojan first discovered in 2017 that has since been updated to deploy second-stage malware payloads, including Qakbot, Trickbot, and Ryuk ransomware.
The Microsoft 365 Defender Threat Intelligence Team recently detected this phishing campaign, which appears to have found a way around the CAPTCHA protection on contact forms in order to bombard enterprises with phishing messages.
Justin Carroll and Emily Hacker, Microsoft threat intelligence analysts, observed “an influx of contact form emails targeted at enterprises by means of abusing companies’ contact forms.”
To read more: BleepingComputer